chore(deps): update dependency jsdom to v22 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
jsdom	^17.0.0 -> ^22.0.0

---

Release Notes

jsdom/jsdom (jsdom)

v22.1.0

Compare Source

• Added crypto.randomUUID(). (jamesbvaughan)
• Added DOMRect and DOMRectReadOnly.
• Added AbortSignal.timeout().
• Added abortSignal.throwIfAborted().
• Added support for the submitter argument to the FormData constructor. (jenseng)
• Improved getComputedStyle()'s results for color-based properties, to resolve named colors and attempt to provide initial inheritance support. (hoekz-wwt)
• Updated Window's event handler properties (e.g. oncopy, ontouchstart, etc.) to reflect the latest list from the standard.
• Fixed DOMParser-created documents to inherit their URL from the creating document.

v22.0.0

Compare Source

• Node.js v16 is now the minimum supported version.
• Removed support for running jsdom in the browser via a browserified bundle. This carried with it too much complexity, especially for our testing infrastructure, and a testing package we relied on was recently deprecated.

v21.1.2

Compare Source

• Fixed setRangeText() used on <input> and <textarea> elements to calculate the new end index correctly. (pmstss)
• Fixed pageX, pageY, offsetX, and offsetY on MouseEvents during dispatch. (jenseng)
• Upgraded nwsapi to v2.2.4, bringing along various fixes to our selector engine.

v21.1.1

Compare Source

• Fixed jsdom.reconfigure() to also adjust the URL as seen by the history API, so that e.g. history.replaceState(null, "") would not mess up the URL. (jdufresne)
• Fixed location.hash = "" to leave any # in location.href.
• Fixes a few bugs with CSS parsing by replacing cssom with rweb-cssom, since the latter is maintained. (seanparmelee)

v21.1.0

Compare Source

• Added x, y, pageX, pageY, offsetX, and offsetY to MouseEvent. (jenseng, ViniciusFXavier)
• Added support for unset with getComputedStyle(). (jsnajdr)
• Added the submitter property to SubmitEvent. (jenseng)
• Fixed MouseEvent's screenX and screenY to no longer coerce to integers, allowing fractional values. (jenseng)
• Fixed formEl.submit() to not longer fire submit events. (jenseng)
• Fixed stylesheets to no longer affect the document after their corresponding <link> is removed. (jsnajdr)
• Fixed pointer-events to inherit when used with getComputedStyle(). (jnajdr)
• Fixed <script> elements with no src="" to no longer fire load events. (t1ger2080)
• Improved getComputedStyle() to cache its results, which should make it much faster. (jsnajdr)

v21.0.0

Compare Source

A potentially-breaking bug fix:

• Fixed the window, document, location, and top properties of Window to be non-configurable. (ExE-Boss)

Other changes:

• Added support for <input type=image> submitting forms. (jenseng)
• Added the location setter to the Window object, which forwards to the location.href setter. Setting the URL is still only implemented for fragment navigations, however. (ExE-Boss)
• Fixed defer="" <script> elements that are added after DOMContentLoaded to execute, instead of being skipped.
• Fixed selectElement.selectedOptions being incorrect when optionElement.selected is set. This was a regression introduced in v20.0.1. Unfortunately this also reverts the performance improvement when appending <option> elements that was introduced then. (eps1lon)
• Fixed the self, locationbar, menubar, personalbar, scrollbars, statusbar, toolbar, frames, parent, external, length, and screen properties of Window to be replaceable: that is, setting them will override their values, instead of having the new value be ignored. (ExE-Boss)
• Fixed a few issues with JSDOM.fromURL() in the browser build of jsdom. (LungZeno)

v20.0.3

Compare Source

• Updated dependencies, notably w3c-xmlserializer, which fixes using DOMParser on XML documents containing emoji.

v20.0.2

Compare Source

• Fixed xhr.abort() to no longer give an exception when the constructed XMLHttpRequest was invalid. (whamtet)
• Fixed event.getModifierState() on MouseEvent and KeyboardEvent instances to properly consult the ctrlKey, altKey, metaKey, and shiftKey properties of the event. (juzerzarif)
• Fixed custom element creation to not be affected by any modifications to the window.customElements property. (bicknellr)

v20.0.1

Compare Source

• Improved the performance of appending <option> elements to <select> elements. (TheHound)
• Fixed location.pathname getter to not crash when the JSDOM instance was created using an opaque-path URL, including the default URL of about:blank.
• Fixed crypto.getRandomValues() to accept typed array subclasses. (sebamarynissen)
• Updated various dependency minor versions. Notably, nwsapi fixed some selectors bugs, and tough-cookie fixed some cookie bugs.

v20.0.0

Compare Source

• Node.js v14 is now the minimum supported version.
• Added crypto.getRandomValues(). (sjrd)
• Added HTMLFormControlsCollection and RadioNodeList, so formEl.elements now behaves correctly. (UndefinedBehavior)
• Added the signal option to addEventListener(). (cheap-glitch)
• Fixed the :root pseudoclass to work correctly. (hughs-ch)
• Updated parse5, bringing along some HTML parsing and serialization fixes. (fb55)

v19.0.0

Compare Source

• Changed jsdom.nodeLocation() to return undefined when used on nodes that originate via fragment parsing (e.g., via innerHTML). Previously it would return based on the node location of the fragment string, which made node locations unreliable with respect to the original document source. This restores the behavior that was present in v14.0.0, and was accidentally broken in v14.1.0. (bakkot)
• Fixed calling window.close() inside the Window's load event to no longer crash. (MattiasBuelens)

v18.1.1

Compare Source

• Fixed connectedCallback to fire in situations involving document fragments, which was broken in v18.0.1. (GrantGryczan)

v18.1.0

Compare Source

• Fixed headers.append() and headers.set() to normalize values. (MattiasBuelens)
• Fixed pageshow events to have bubbles: true and cancelable: true. (MattiasBuelens)
• Implemented the reason property on AbortSignals, along with the corresponding reason argument to abortSignal.abort() and AbortSignal.abort(). (MattiasBuelens)

v18.0.1

Compare Source

• Fixed live Ranges to update correctly after calling node.normalize(). (hgiesel)
• Fixed live Ranges to update correctly after removing child nodes. (hgiesel)
• Fixed setting inputEl.valueAsDate = null to no longer throw an exception, but instead set the value to the empty string. (simon-weimann)
• Improved performance of node insertion and node.contains(). (GrantGryczan)

v18.0.0

Compare Source

Potentially-breaking bug fixes:

• Fixed SSL certificate checking for WebSocket connections. Previously, invalid SSL certificates were always accepted; now, they properly respect the ResourceLoader's strictSSL option (which defaults to true).
• Changed the global in which almost all Promise and TypeError instances are created to be the jsdom global, not the Node.js global. This could affect any code that uses instanceof.

Other changes:

• Fixed moving an element between HTML and XML documents to reset the tagName cache, allowing it to return a lowercase value once it's in the XML document. (LucasLefevre)
• Fixed form submission to not happen when the form is invalid. (pozil)

---

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[socket-security]

New dependency changes detected. Learn more about Socket for GitHub ↗︎

---

👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary

Issue	Status
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

---

📊 Modified Dependency Overview:

⬆️ Updated Package	Version Diff	Added Capability Access	+/- Transitive Count	Publisher
[email protected]	17.0.0...22.1.0	None	+29/-37	domenic